HTTP: fix stack overwrite due to format string error.

On AMD64, %lu refers to a 64-bit unsigned value, but the address passed
to sscanf points to a 32-bit unsigned value.  This causes an adjoining
value on the stack to be overwritten with data from the converted
integer.  Fix the format string to match the size of the supplied value,
and remove the pointer cast.

diff --git a/lib/silchttp/silchttpserver.c b/lib/silchttp/silchttpserver.c
index cd94c407f4f3d7f53dfd06961c2daf46eb8a1400..e83d2f379b274f1106774bbc754ecb98ecf8482d 100644 (file)
--- a/lib/silchttp/silchttpserver.c
+++ b/lib/silchttp/silchttpserver.c
@@ -194,7 +194,7 @@ static SilcBool silc_http_server_parse(SilcHttpServer httpd,
 
     /* Check we have received all data */
     cl = silc_mime_get_field(conn->curheaders, "Content-Length");
-    if (cl && sscanf(cl, "%lu", (unsigned long *)&cll) == 1) {
+    if (cl && sscanf(cl, "%u", &cll) == 1) {
       if (data_len < cll) {
        /* More data to come */
        silc_mime_free(conn->curheaders);